Package com.identityworksllc.iiq.common

Class Plans

  • public class Plans
extends Object
    Utilities for acting on and generating ProvisioningPlan objects

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static String EMPTY_VALUE
      A value you can pass to either removeAttributeRequest or hasAttributeRequest to indicate a literal null instead of a wildcard (which is the default interpretation of null inputs to those methods).

    • Constructor Summary

      Constructors 
      Constructor Description
      Plans()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static void disableAccounts​(sailpoint.api.SailPointContext context, sailpoint.object.Identity target, sailpoint.object.ProvisioningPlan plan, sailpoint.object.Filter exceptFilter)
      Adds an AccountRequest to the given plan for each non-disabled account owned by the user unless the account is matched by the exceptFilter.
      static void emptyPlan​(sailpoint.object.ProvisioningPlan plan)
      Empties the input plan’s account and object requests in place (i.e, by modifying the Lists within the plan itself).
      static void enableAccounts​(sailpoint.api.SailPointContext context, sailpoint.object.Identity target, sailpoint.object.ProvisioningPlan plan, sailpoint.object.Filter exceptFilter)
      Adds an AccountRequest to the given plan for each non-disabled account owned by the user unless the account is matched by the exceptFilter.
      static void enableOnEntitlementAdd​(sailpoint.object.ProvisioningPlan plan, sailpoint.object.Application application, boolean enableFirst)
      If an entitlement is being added to the given application in the given plan, also add a separate Enable operation.
      static void extractToNewRequest​(sailpoint.object.ProvisioningPlan plan, String targetAttribute)
      Extracts the target attribute from its AccountRequest into a new, second request against the same account.
      static void extractToNewRequest​(sailpoint.object.ProvisioningPlan plan, String targetAttribute, boolean atBeginning)
      Extracts the target attribute from its AccountRequest into a new, second request against the same account.
      static List<sailpoint.object.ProvisioningPlan.AttributeRequest> find​(sailpoint.object.ProvisioningPlan.AccountRequest accountRequest, Predicate<sailpoint.object.ProvisioningPlan.AttributeRequest> findPredicate)
      Finds attribute requests in the provisioning plan where the account matches the filter
      static List<sailpoint.tools.Pair<sailpoint.object.ProvisioningPlan.AccountRequest,​sailpoint.object.ProvisioningPlan.AttributeRequest>> find​(sailpoint.object.ProvisioningPlan plan, BiPredicate<sailpoint.object.ProvisioningPlan.AccountRequest,​sailpoint.object.ProvisioningPlan.AttributeRequest> findPredicate)
      Find pairs of account/attribute requests in the provisioning plan where the account and attribute together match the filter.
      static List<sailpoint.object.ProvisioningPlan.AccountRequest> find​(sailpoint.object.ProvisioningPlan plan, Predicate<sailpoint.object.ProvisioningPlan.AccountRequest> findPredicate)
      Finds attribute requests in the provisioning plan where the account matches the filter
      static List<sailpoint.tools.Pair<sailpoint.object.ProvisioningPlan.AccountRequest,​sailpoint.object.ProvisioningPlan.AttributeRequest>> find​(sailpoint.object.ProvisioningPlan plan, Predicate<sailpoint.object.ProvisioningPlan.AccountRequest> accountFilter, BiPredicate<sailpoint.object.ProvisioningPlan.AccountRequest,​sailpoint.object.ProvisioningPlan.AttributeRequest> attributeFilter)
      Find pairs of account/attribute requests in the provisioning plan where the account matches the first filter and the account/attribute combined match the second filter.
      static BiPredicate<sailpoint.object.ProvisioningPlan.AccountRequest,​sailpoint.object.ProvisioningPlan.AttributeRequest> hasAttributeNames​(String... attributeName)
      Finds attribute requests matching any of the given names
      static BiPredicate<sailpoint.object.ProvisioningPlan.AccountRequest,​sailpoint.object.ProvisioningPlan.AttributeRequest> hasAttributeRequest​(String attributeName, sailpoint.object.ProvisioningPlan.Operation operation, Object value)
      Finds an attribute request matching the name, operation, and values as defined.
      static void removeAssignedEntitlements​(sailpoint.api.SailPointContext context, sailpoint.object.Identity target, sailpoint.object.ProvisioningPlan plan, sailpoint.object.Filter exceptFilter)
      Remove all assigned entitlements (i.e.
      static void removeAssignedRoles​(sailpoint.api.SailPointContext context, sailpoint.object.Identity target, sailpoint.object.ProvisioningPlan plan, sailpoint.object.Filter exceptFilter)
      Remove all assigned roles from the given Identity by adding Remove operations to the given ProvisioningPlan.
      static void removeAttributeRequest​(sailpoint.object.ProvisioningPlan.AccountRequest accountRequest, String attributeName, sailpoint.object.ProvisioningPlan.Operation attributeOperation, Object attributeValue)
      Removes the attribute requests matching by name, operation, and/or value from the given account request.
      static void removeAttributeRequest​(sailpoint.object.ProvisioningPlan plan, String attributeName)
      Removes the given attribute request(s) matching by name.
      static void removeAttributeRequest​(sailpoint.object.ProvisioningPlan plan, String attributeName, sailpoint.object.ProvisioningPlan.Operation attributeOperation)
      Removes the given attribute request(s) matching by either name or operation.
      static void removeAttributeRequest​(sailpoint.object.ProvisioningPlan plan, String attributeName, sailpoint.object.ProvisioningPlan.Operation attributeOperation, Object attributeValue)
      Removes the given attribute request(s) matching by either name, operation, or both, from any account requests on this plan.
      static void removeEntitlements​(sailpoint.api.SailPointContext context, sailpoint.object.Identity target, sailpoint.object.ProvisioningPlan plan, sailpoint.object.Filter exceptFilter)
      Remove all entitlements from the given Identity by adding Remove operations to the given ProvisioningPlan.
      static void setOnEntitlementAdd​(sailpoint.object.ProvisioningPlan plan, sailpoint.object.Application application, String otherAttribute, Object value)
      Sets the given other attribute to the given value on any entitlement add.
      static void sort​(sailpoint.object.ProvisioningPlan plan)
      Sorts the AccountRequests in the given ProvisioningPlan using the default order, which is defined in PlanComparators.defaultSequence().
      static void sort​(sailpoint.object.ProvisioningPlan.AccountRequest accountRequest)
      Sorts the AttributeRequessts in the given ProvisioningPlan using the default order, which is defined in PlanComparators.defaultAttributeSequence().
      static void sort​(sailpoint.object.ProvisioningPlan plan, Comparator<sailpoint.object.ProvisioningPlan.AccountRequest> sorter)
      Sorts the AccountRequests in the given ProvisioningPlan using the given sorter.

    • Field Detail

      • EMPTY_VALUE

        public static final String EMPTY_VALUE
        A value you can pass to either removeAttributeRequest or hasAttributeRequest to indicate a literal null instead of a wildcard (which is the default interpretation of null inputs to those methods).

        This will match anything that Utilities.isNothing(Object) matches.

    • Constructor Detail

    • Method Detail

      • disableAccounts

        public static void disableAccounts​(sailpoint.api.SailPointContext context,
                                   sailpoint.object.Identity target,
                                   sailpoint.object.ProvisioningPlan plan,
                                   sailpoint.object.Filter exceptFilter)
                            throws sailpoint.tools.GeneralException
        Adds an AccountRequest to the given plan for each non-disabled account owned by the user unless the account is matched by the exceptFilter.
        Throws:
        sailpoint.tools.GeneralException

      • emptyPlan

        public static void emptyPlan​(sailpoint.object.ProvisioningPlan plan)
        Empties the input plan’s account and object requests in place (i.e, by modifying the Lists within the plan itself).

        This can be used to cancel a provisioning operation in a Before Provisioning rule, for example.

        Parameters:
        plan - The plan

      • enableAccounts

        public static void enableAccounts​(sailpoint.api.SailPointContext context,
                                  sailpoint.object.Identity target,
                                  sailpoint.object.ProvisioningPlan plan,
                                  sailpoint.object.Filter exceptFilter)
                           throws sailpoint.tools.GeneralException
        Adds an AccountRequest to the given plan for each non-disabled account owned by the user unless the account is matched by the exceptFilter.
        Throws:
        sailpoint.tools.GeneralException

      • enableOnEntitlementAdd

        public static void enableOnEntitlementAdd​(sailpoint.object.ProvisioningPlan plan,
                                          sailpoint.object.Application application,
                                          boolean enableFirst)
        If an entitlement is being added to the given application in the given plan, also add a separate Enable operation.

        This is important for connectors like Salesforce where entitlements cannot be added to disabled accounts.

      • extractToNewRequest

        public static void extractToNewRequest​(sailpoint.object.ProvisioningPlan plan,
                                       String targetAttribute)
        Extracts the target attribute from its AccountRequest into a new, second request against the same account.

      • extractToNewRequest

        public static void extractToNewRequest​(sailpoint.object.ProvisioningPlan plan,
                                       String targetAttribute,
                                       boolean atBeginning)
        Extracts the target attribute from its AccountRequest into a new, second request against the same account.

        The new request will be placed at the beginning of the ProvisioningPlan sequence.

      • find

        public static List<sailpoint.object.ProvisioningPlan.AttributeRequest> find​(sailpoint.object.ProvisioningPlan.AccountRequest accountRequest,
                                                                            Predicate<sailpoint.object.ProvisioningPlan.AttributeRequest> findPredicate)
        Finds attribute requests in the provisioning plan where the account matches the filter
        Parameters:
        accountRequest - The provisioning plan
        findPredicate - The account filter
        Returns:
        The list of account requests

      • find

        public static List<sailpoint.object.ProvisioningPlan.AccountRequest> find​(sailpoint.object.ProvisioningPlan plan,
                                                                          Predicate<sailpoint.object.ProvisioningPlan.AccountRequest> findPredicate)
        Finds attribute requests in the provisioning plan where the account matches the filter
        Parameters:
        plan - The provisioning plan
        findPredicate - The account filter
        Returns:
        The list of account requests

      • find

        public static List<sailpoint.tools.Pair<sailpoint.object.ProvisioningPlan.AccountRequest,​sailpoint.object.ProvisioningPlan.AttributeRequest>> find​(sailpoint.object.ProvisioningPlan plan,
                                                                                                                                                         BiPredicate<sailpoint.object.ProvisioningPlan.AccountRequest,​sailpoint.object.ProvisioningPlan.AttributeRequest> findPredicate)
        Find pairs of account/attribute requests in the provisioning plan where the account and attribute together match the filter.
        Parameters:
        plan - The provisioning plan
        findPredicate - The account and attribute filter
        Returns:
        The list of account/attribute pairs

      • find

        public static List<sailpoint.tools.Pair<sailpoint.object.ProvisioningPlan.AccountRequest,​sailpoint.object.ProvisioningPlan.AttributeRequest>> find​(sailpoint.object.ProvisioningPlan plan,
                                                                                                                                                         Predicate<sailpoint.object.ProvisioningPlan.AccountRequest> accountFilter,
                                                                                                                                                         BiPredicate<sailpoint.object.ProvisioningPlan.AccountRequest,​sailpoint.object.ProvisioningPlan.AttributeRequest> attributeFilter)
        Find pairs of account/attribute requests in the provisioning plan where the account matches the first filter and the account/attribute combined match the second filter.
        Parameters:
        plan - The provisioning plan
        accountFilter - The account filter
        attributeFilter - The attribute filter
        Returns:
        The list of account/attribute pairs

      • hasAttributeNames

        public static BiPredicate<sailpoint.object.ProvisioningPlan.AccountRequest,​sailpoint.object.ProvisioningPlan.AttributeRequest> hasAttributeNames​(String... attributeName)
        Finds attribute requests matching any of the given names
        Parameters:
        attributeName - The attribute name(s)
        Returns:
        The predicate object

      • hasAttributeRequest

        public static BiPredicate<sailpoint.object.ProvisioningPlan.AccountRequest,​sailpoint.object.ProvisioningPlan.AttributeRequest> hasAttributeRequest​(String attributeName,
                                                                                                                                                         sailpoint.object.ProvisioningPlan.Operation operation,
                                                                                                                                                         Object value)
        Finds an attribute request matching the name, operation, and values as defined.

        Null and empty values are considered a “skip this match”.

        Parameters:
        attributeName - The attribute name
        operation - The operation to match
        value - The value(s) to match
        Returns:
        The predicate object

      • removeAssignedEntitlements

        public static void removeAssignedEntitlements​(sailpoint.api.SailPointContext context,
                                              sailpoint.object.Identity target,
                                              sailpoint.object.ProvisioningPlan plan,
                                              sailpoint.object.Filter exceptFilter)
                                       throws sailpoint.tools.GeneralException
        Remove all assigned entitlements (i.e.

        AttributeAssignments requested via LCM or added via certification) from the user, except those matched by the ‘exceptFilter’.

        Throws:
        sailpoint.tools.GeneralException

      • removeAssignedRoles

        public static void removeAssignedRoles​(sailpoint.api.SailPointContext context,
                                       sailpoint.object.Identity target,
                                       sailpoint.object.ProvisioningPlan plan,
                                       sailpoint.object.Filter exceptFilter)
                                throws sailpoint.tools.GeneralException
        Remove all assigned roles from the given Identity by adding Remove operations to the given ProvisioningPlan.

        Role assignments matched by the ‘exceptFilter’ will not be removed.

        Throws:
        sailpoint.tools.GeneralException

      • removeAttributeRequest

        public static void removeAttributeRequest​(sailpoint.object.ProvisioningPlan plan,
                                          String attributeName,
                                          sailpoint.object.ProvisioningPlan.Operation attributeOperation)
        Removes the given attribute request(s) matching by either name or operation.
        Parameters:
        plan - The plan to modify
        attributeName - The attribute to remove (by name)
        attributeOperation - The attribute to remove (by operation)

      • removeAttributeRequest

        public static void removeAttributeRequest​(sailpoint.object.ProvisioningPlan plan,
                                          String attributeName)
        Removes the given attribute request(s) matching by name.
        Parameters:
        plan - The plan to modify
        attributeName - The attribute to remove (by name)

      • removeAttributeRequest

        public static void removeAttributeRequest​(sailpoint.object.ProvisioningPlan plan,
                                          String attributeName,
                                          sailpoint.object.ProvisioningPlan.Operation attributeOperation,
                                          Object attributeValue)
        Removes the given attribute request(s) matching by either name, operation, or both, from any account requests on this plan.

        Nulls provided for any of the three criteria will skip matching that attribute.

        If you want to match an actual null or empty value, use EMPTY_VALUE.

        Parameters:
        plan - The plan to modify
        attributeName - The attribute name (possibly null) to match
        attributeOperation - The attribute operation (possibly null) to match
        attributeValue - The attribute value (possibly null) to match

      • removeAttributeRequest

        public static void removeAttributeRequest​(sailpoint.object.ProvisioningPlan.AccountRequest accountRequest,
                                          String attributeName,
                                          sailpoint.object.ProvisioningPlan.Operation attributeOperation,
                                          Object attributeValue)
        Removes the attribute requests matching by name, operation, and/or value from the given account request.

        Nulls provided for any of the three criteria will skip matching that attribute.

        Parameters:
        accountRequest - The account request to modify
        attributeName - The attribute name
        attributeOperation - The attribute operation
        attributeValue - The attribute value

      • removeEntitlements

        public static void removeEntitlements​(sailpoint.api.SailPointContext context,
                                      sailpoint.object.Identity target,
                                      sailpoint.object.ProvisioningPlan plan,
                                      sailpoint.object.Filter exceptFilter)
                               throws sailpoint.tools.GeneralException
        Remove all entitlements from the given Identity by adding Remove operations to the given ProvisioningPlan.

        Entitlements matched by the ‘exceptFilter’ will not be removed.

        Throws:
        sailpoint.tools.GeneralException

      • setOnEntitlementAdd

        public static void setOnEntitlementAdd​(sailpoint.object.ProvisioningPlan plan,
                                       sailpoint.object.Application application,
                                       String otherAttribute,
                                       Object value)
        Sets the given other attribute to the given value on any entitlement add.

      • sort

        public static void sort​(sailpoint.object.ProvisioningPlan plan,
                        Comparator<sailpoint.object.ProvisioningPlan.AccountRequest> sorter)
        Sorts the AccountRequests in the given ProvisioningPlan using the given sorter.

        Several useful sorters are provided in PlanComparators.

      • sort

        public static void sort​(sailpoint.object.ProvisioningPlan plan)
        Sorts the AccountRequests in the given ProvisioningPlan using the default order, which is defined in PlanComparators.defaultSequence().

        Attributes on each AccountRequest are then sorted using the default attribute comparator.

        The order is roughly create, modify, status changes, delete. This is what most connectors are expecting when more than one operation happens at once.

      • sort

        public static void sort​(sailpoint.object.ProvisioningPlan.AccountRequest accountRequest)
        Sorts the AttributeRequessts in the given ProvisioningPlan using the default order, which is defined in PlanComparators.defaultAttributeSequence().

        The essence is removes first, then sets, then adds.